Vulnerabilities > Apache > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-12 CVE-2023-37579 Unspecified vulnerability in Apache Pulsar
Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker. This issue affects Apache Pulsar: before 2.10.4, and 2.11.0. Any authenticated user can retrieve a source's configuration or a sink's configuration without authorization.
network
low complexity
apache
6.5
2023-07-10 CVE-2023-35887 Unspecified vulnerability in Apache Sshd
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10.
network
low complexity
apache
4.3
2023-07-07 CVE-2023-33008 Unspecified vulnerability in Apache Johnzon
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk).
network
low complexity
apache
5.3
2023-07-05 CVE-2023-34150 Unspecified vulnerability in Apache Any23
** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.
network
low complexity
apache
5.3
2023-06-27 CVE-2023-35798 Unspecified vulnerability in Apache products
Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected
network
low complexity
apache
4.3
2023-06-19 CVE-2023-35005 Unspecified vulnerability in Apache Airflow 2.5.0/2.6.0/2.6.1
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2.
network
low complexity
apache
6.5
2023-06-14 CVE-2023-34149 Unspecified vulnerability in Apache Struts
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
network
low complexity
apache
6.5
2023-06-12 CVE-2023-34212 Deserialization of Untrusted Data vulnerability in Apache Nifi
The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.
network
low complexity
apache CWE-502
6.5
2023-05-25 CVE-2022-46907 Unspecified vulnerability in Apache Jspwiki
A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
network
low complexity
apache
6.1
2023-05-22 CVE-2023-31101 Unspecified vulnerability in Apache Inlong 1.5.0/1.6.0
Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0.
network
low complexity
apache
6.5